phpnoob

'a' as in <a href="#">link</> is for anchor see http://w3schools.com.../html_links.asp under HTML Links - The id Attribute

Use anchor name as post id like <a name="pid12334"> when you print the posts. and use that id as anchor in link which will take user to it http://somesite.com/...etpost#pid12334

I'm not good in js, so plz help meI want to make a jump to the first unread post in forum and i figure it out, it need a js for moving the browser view to a hide div.Help me, at least if you not want to make full script, then post how to find a script in net, i try to search it but no luck

not sure but maybe the problem is here

if($_FILES['video_upload']['size'] <= $maxfilesize_vid ) {

the > was the problem

I was only guessing what they use the post ID for, you would have to look at the code to see if they're using it. I'm not sure what your other question is, but it could work to store the post count for the posts viewed. That may be an issue if posts get deleted.

I'm having a hard time understanding you.

It has both the topic and post IDs so that it knows which page to show of the topic if there are multiple pages. It shows the page with that post on it.

Now i know what need to do, i was wrong about how to go to the first unreaded post :)I was check some forum, this forum to, and now i know how to make 1 :)the browsercode its like this. forum.php/forum.php?f=topicview&p=3$view=gotonewpost the p number its forumtopic id numberall select its if, and this script start with view=gotonewpost GETNote postmark table have 4 column ID + Userid + Forumtopicid + postcountid, the strategy is this, first record its insert into, the second will be update record1. select table "postmark" and search Userid and forumtopicid and get the postcountid data2. select table "forumpost" and search forumtopicid and check if have higher post then postmark/postcountid have, if have or not, put the right id to browser with header loc.Browsed code:forum.php/forum.php?f=topicview&p=3$pid=1 3. and now just need a js for searching hide div id with that number what pid have, and go to that position. Just wondering, in here why have so many code showtopic=45754&pid=255007&st=0entry255007for entry i know that that code need to js for go to that hide div id, but for pid number why need?

I was made a nice website and i can tell how to make a good pass update script, but first i write how i was build my login security. in login.php, it have 2 way, cookie + session and the other have only session, in user table have session + cookie + ip column, session and cookie column have 32 lengh value, and before i log in the php make a random number and compress it to md5 and update both column, and after that create 1 session + cookie with that code, and it have a check.php, each browser freshing, it check all stat, cookie and session and ip address, and if something not match, then cookie and session will deleted.And now for the pass update, ingolme link just perfect for you, just don't forgot to put security in update script like in your reg script.

Do the tutorials first http://www.w3schools...php/default.asp then decide what kind of code you need. Then start writing it. Using the forums in the way you're suggesting would take a lot of time IMO. Much more then if you just did the tutorials first.

I don't want php code, only just want to know how to build it.Most forum have 2 simple way, the easy 1, only go to last post in thread, the other it go to the first unreaded post.The easy php its like thisI post the code step by step 1. counting how many post have in that thread2. start while for to select all record3. because of the first step you can get the last post id, and can put it to js, it need only a for code when need to active the js.so after the page loaded, the js will activate and go to last post by id searching in html But for how to reach the first unreaded post, cant figure how to do it, help me.

The point is you shouldn't be adding stuff. You're approaching the problem with the idea that you have "hackable data"^™, with which you do something, and it becomes "unhackable data"^™. Things don't work that way. Instead, you have "data safe for X, damaging the intended content in Y, unsafe for Z". No matter how many functions you pass over a piece of data, you always have X, Y and Z in there. The only difference is what X, Y and Z actually are. When you apply mysqli_real_escape_string(), you're making your data "safe for a string in MySQLi, damaging the intended content for almost anything else (including HTML), unsafe for a file path (and perhaps a few other things)". Similarly, when you apply htmlspecialchars(), you're making your data "safe for (X)HTML text, damaging the intended content for almost anything else (including a MySQLi string), unsafe for a URL (and perhaps a few other things)". So... to protect yourself from an SQL injection, you "use mysqli_real_escape_string() when the data is about to become a string in a MySQL query". At that moment (ONLY at that moment), the fact that the result of mysqli_real_escape_string() is unsecured or damaging in other contexts is irrelevant, because the context of an SQL query is the only one you need to care about at that moment. To protect yourself from an XSS attack, you "use htmlspecialchars() when the data is about to be written as a plain text within an HTML document". And again, ONLY at that moment.

?You didn't catch a word of what I said, did you?

If you're about to write it as part of HTML output, htmlspecialchars() is enough to turn the input into plain text, and thus protext your users from XSS attacks.

The point justsomeguy is trying to get at is that there's no universal "enough" way to deal with input. It depends on what you're about to do with the given input. If you're about to write it as part of HTML output, htmlspecialchars() is enough to turn the input into plain text, and thus protext your users from XSS attacks. If you're about to insert this into a database, that's not enough at all, and in fact, should not be used to begin with. You must use something like mysqli_real_escape_string() instead of htmlspecialchars().

we saw, but there is already a native function for what the OP wants.

maybe every1 blind? :)Already show 2 way for that problem.

Hi, I have created 2 tables (table1 and table2) inside same database. There will be a primary key "id" (auto-increment). I used the INSERT statement to insert a data to table1: mysql_query ("INSERT INTO table1 (name, age) VALUES ('$_SESSION[username]', '$_SESSION[age]')"); After the above sql statement run, how can I save the "id" of that record from table1 into table2 with some other new values? $datetime=date("d/m/Y h:i:s");mysql_query ("INSERT INTO table2 (id, datetime) VALUES ('id from table1','$datetime')"); Thanks.

$Check=mysql_query("SELECT * FROM table1 WHERE name="$_SESSION['username']" and age="$_SESSION['age']");if($checkid=mysql_fetch_array($Check)){$checkidfortable2=$checkid['id'];}

Look at what the function does and decide if you need it: http://www.php.net/m...pecialchars.php

1 more question Can i remove the first code in post protection?

$post=htmlspecialchars($_POST['post']);$search=array('<?','?>');$replace=array('<?', '?>');echo str_replace($search, $replace, $post);

the htmlspecialchars i was mean

You need to put the code before any other code that is going to use $_GET, $_POST, $_COOKIE, or $_REQUEST. That code removes slashes from the values in those arrays. So if you're going to use any values from those arrays, and you want the slashes removed, then that code needs to run before the code that gets the values from the arrays. Don't modify the code, just add it to one of your include files so that it runs before any code that uses one of the arrays and then the values in the arrays won't have slashes. You don't do anything with $fixed or any of the other variables in the code.

Don't change the code from the post, don't move the lines around or add your own code in unless you know what you're doing. And also don't put that code inside a function. The code should run before other code on your page that is going to use anything from $_GET, $_POST, or $_COOKIE. That code removes slashes from the form input. After it finishes then you just use the form input like normal and it won't have the extra slashes. Yes, that's what it says when you print an array.

Don't change the code from the post, don't move the lines around or add your own code in unless you know what you're doing. And also don't put that code inside a function. The code should run before other code on your page that is going to use anything from $_GET, $_POST, or $_COOKIE. That code removes slashes from the form input. After it finishes then you just use the form input like normal and it won't have the extra slashes. Yes, that's what it says when you print an array.

<?php mysql_connect("","","")or die("Error connection");mysql_select_db("")or die();include "include/check.php"; echo check();include "include/login.php"; include "main.php";include "online.php";$start_time = microtime(true);include "page.php";include "pregreplace.php";?>

all php

<?php session_start();include "config.php";$getpage=empty($_GET['listen']) ? header("Location: index.php?listen=news") : mysql_real_escape_string($_GET['listen']); echo onlineindex();if ($getpage=='news'){include "include/news.php";echo news();echo end($start_time);}?>

where can i put that code and what need to do?

not works

<?php function topicview(){function unMagicQuotify($ar) {  $fixed = array();  foreach ($ar as $key=>$val) {    if (is_array($val)) {	  $fixed[stripslashes($key)] = unMagicQuotify($val);    } else {	  $fixed[stripslashes($key)] = stripslashes($val);    }  }  return $fixed;}<form action="'.$_SERVER[REQUEST_URI].'" method="post" name="postform"><textarea name="post" rows="15" cols="80"></textarea></div>	  <p /><input type="submit" name="submit" value="Go" /></form>if(!empty($_POST['submit']))	  {	   if (!empty($_POST['post']))	   {			    $post=htmlspecialchars($_POST['post']);$search=array('<?','?>');$replace=array('<?', '?>'); $cleanedpost=str_replace($search, $replace, $post);	    $process = array($cleanedpost);$fixed = array();foreach ($process as $index=>$glob) {$fixed[$index] = unMagicQuotify($glob);} list($cleanedpost) = $fixed;echo $fixed;	   }}

full edited codeerrorWarning: Invalid argument supplied for foreach()and in the bottom it say Array in echo $fixed;

I don't see why it would give the warning you showed, there are obviously 4 arrays there.

if ($getpage=='forumview'){include "forum/forumview.php"; echo forumview();echo last($start_time);}

all fourview code i was put it in function and i was add your code in fuction, so it have 2 function, maybe i need to add something to the first function?

Add this and post what it shows:

echo '<pre>', print_r($_GET, true), print_r($_POST, true), print_r($_COOKIE, true), print_r($_REQUEST, true), '</pre>';

i try to add that code, but i have an errorWarning: Invalid argument supplied for foreach() ini was add this code

function unMagicQuotify($ar) {  $fixed = array();  foreach ($ar as $key=>$val) {    if (is_array($val)) {	  $fixed[stripslashes($key)] = unMagicQuotify($val);    } else {	  $fixed[stripslashes($key)] = stripslashes($val);    }  }  return $fixed;}$process = array($_GET,$_POST,$_COOKIE,$_REQUEST);$fixed = array();foreach ($process as $index=>$glob) {  $fixed[$index] = unMagicQuotify($glob);}list($_GET,$_POST,$_COOKIE,$_REQUEST) = $fixed;

the error target this pieceforeach ($ar as $key=>$val)